Penetration Testing

The main objective of penetration testing is to provide a reliable indication of the current information security level. Identifying the main risks and threats at the application, infrastructure and network levels is our main resource for estimating an organization’s information security level.

See – Secure provides the following penetration tests:

Application Penetration Testing:

Under the scope of the evaluation, the following elements, controls, mechanisms and security-related features will be assessed from a security perspective:

Business Validation Checks:

Data Access Layer Protection & Data Validation:

Session Management

Authentication Mechanisms:

Authorization Mechanism:

Memory Corruption and DOS

Combined Attacks and Attack Scenarios:

Infrastructure Penetration Testing:

Under the scope of the evaluation, the following elements of the system will be addressed from a security perspective:

Bypassing detection mechanisms

Attacking password management mechanisms.

Attempts to switch between different system users.

Checking for information leakage from the system as a result of various attacks on the system.

Checking the existence of system backdoors (intentional and unintentional).

Checking the integrity of the mechanisms that address unpredictable system errors and deal with unexpected situations.

Checking the security mechanisms that protect sensitive information in transit between servers and during storage, and the use of cryptographic mechanisms.

Exploiting the system’s documentation and monitoring mechanisms. The test will also include the protection and management mechanisms for access to the database.

Using automatic / manual tools to scan and find system vulnerabilities.

Utilizing a set of tests on the servers in order to extract information and get CLI access.

Exploiting deficiencies that were found during the test in order to gain full access to the server.

Device configuration review:

The configuration review inspects specific devices and their configuration, and looks for misconfiguration from a security point of view. Some of the reviewed topics include:

Code Review:

Risk Determination & Reporting

The report provides a list of design and code level security vulnerabilities, categorized according to the severity of the finding, as well as remedial steps for improving the overall development process.